Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. TFA is all and good... but on The End of Content Ownership · · Score: 4, Insightful

    Having licensed content available in the cloud is nice, but there is one issue, a major one:

    Owning stuff in this manner is an investment that can be easily turned off from a remote source, and there is absolutely zero one can do about it. With books, someone would have to enter my residence unauthorized with a fairly large truck and haul stuff out. Similar with DVDs. All a cloud provider can do is just click a button or enter a SQL statement, and the many thousands of dollars in a game/book/movie/music library are now rendered inaccessible. Lawsuit? Good luck. There have been many people who threatened Valve with litigation because VAC banned them, but there has yet to be a single case that goes to court. EULAs are proven and are completely supported by precedents, so a cloud provider essentially states that "we are not responsible if you lose access to a product or your library", and someone with a large library does not have a leg to stand on.

    Even if a lawsuit was successful, a bankruptcy of the cloud provider can render all the licensed content gone.

    This is why people should have local, un-DRM-ed copies of their media they have purchased. It would take a lot more than just a delete to remove access from a library of physical media.

  2. Re:Ok so rumor. Details are where? on Facebook Plans To Show Ads On Websites · · Score: 1

    One of the big questions:

    Will FB actively monitor ads going through their ad network so holes in Flash and other add-ons are not exploited by malware writers? I doubt it. It would be nice if they went the AdSense route because it is almost impossible for a malware writer to propagate malicious code via Google's mechanisms.

    Ads are the #1 route that PCs get infected these days in my personal experience. It would be nice if FB would act in the interest of the whole PC ecosystem and at least check ads for bad content about to go on their rotation services, as opposed to letting blackhats have a field day with another service.

  3. Re:That's how it works on NYPD Anti-Terrorism Cameras Used For Much More · · Score: 4, Interesting

    Exactly. Some say it is a slippery slope, but it has been repeated again and again that something used only for "terrorists" ends up being used to chase down or catch low hanging fruit, such as the potheads smoking out behind a 7-11. Same with laws that were meant for would-be invaders from an enemy country who were looking to cause harm on US soil being used to go after some middle high school kids hanging out at a playground.

    Me, being the cynical person I am, was wondering how long it will be before the camera system, originally meant to catch terrorists trying to kill thousands of people at once would end up being used to chase down misdemeanors such as loitering and criminal trespass [1].

    [1]: The bar for trespass is really low in some places. Walking across a parking lot without buying at a store in a strip mall can get someone charged with this in some areas of the US.

  4. Re:Join the club, comrade on KGB Wants Control of Email and VOIP · · Score: 1

    Similar, but not the same. It is highly doubtful that a Great Firewall of China will be coming up soon for the US, nor posts saying "$POLITICAL_OFFICIAL sux" would be rewritten in flight to praise $POLITICAL_OFFICIAL as they do in some other countries.

  5. Re:Personally... on Appeals Court Affirms Warrantless Computer Searches · · Score: 1

    Careful what you wish for:

    The barrier to be considered a registered criminal is VERY low these days. In fact, most employers don't give a shit about *conviction* records, but *arrest* records. What this means is that a PI when someone was shambling around after a spring break party means they are not going to get hired past McDonald's in the future.

    Until what brands a true criminal (who is truly dangerous and has no doubt forfeited their rights due to their actions) is more realistically defined, I'd rather have Constitutional rights apply to everyone. Even things that appeared to be obvious like a "violent felon" have been changed -- in some US states, jumping a gate to grab a tossed beach ball in a neighbor's backyard can be considered B&E instead of criminal trespass, and B&E is considered a violent felony in a lot of areas.

  6. App responsiveness will benefit by more cores on Quad-Core Mobile Chips Wasted On Mobiles? · · Score: 1

    With more cores, this will also add a benefit because apps that don't multithread will use one core's CPU time, while other cores are not affected. Say an MP3 player is using one core to play music. The user fires up another task, and instead of taking CPU time away from the MP3 player (possibly causing skipping), it will use another core that is not as utilized.

    So, overall, even if cores are disabled and enabled for power saving reasons, having more of them will provide better overall user responsiveness for a device.

    Best of all would be asymmetric cores. Have a few cores which are low power that run the kernel and the OS, a few cores which are powered up for relatively CPU intensive tasks, a core or two for the radio, a core for security tasks (TPM, etc.), and a couple GPU cores. This would provide the best of all worlds -- low power CPU usage for the idle OS, while giving the oomph enough to play the latest mobile version of Crysis.

  7. Re:It was your fault, after all on Epsilon Breach Used Four-month-old Attack · · Score: 1

    I'm sure none of their minor data hygiene practices have stuff that really matters too:

    If one has Chase, Citi, or a bank that is affected, change the E-mail address to one, preferably something just opened on a non-free domain, like me.com. This way, if the bank does send an official notification, it definitely will be correct, while the phishers will continue to send to the last address.

    Well, this is until someone gets haxxored again and the new E-mail address gets compromised. I doubt there will be more than lip service paid to actually preventing a subsequent breach from happening in the future, because to PHBs, security has no ROI.

  8. Re:plain-text OS? on France Outlaws Hashed Passwords · · Score: 2

    Even during WWII, France really didn't have a choice. It was essentially surrender, and have life pretty much go on as it was, except with Wehrmacht officers sitting at a table at your cafe, versus having the country torched.

    The French also had a strong, organized resistance which was an army in among itself. A person calling these guys cowards or surrender monkeys is just clueless. These guys risked not just their own lives, but their family and friends. Without these guys, and the intel they brought to the Allies (especially Atlantic defenses), D-Day almost certainly would have had a completely different outcome than what it did.

    No American who has had a reasonable education would ever call the French "surrender monkeys".

  9. Re:plain-text OS? on France Outlaws Hashed Passwords · · Score: 1

    What I would do is have a simple table:

    length of password -- 1 byte
    Password (up to 255 characters long, rest padded with zeroes)
    256 bit random salt from a cryptographically secure RNG.

    I would then RSA encrypt this and store this output, with the nonce prepended as a salt.

    Advantages of this method:

    1: Decryption is fast.

    2: RSA is slow enough to resist brute forcing.

    Disadvantages:

    Since some of the plaintext is known, a chosen plaintext attack may be doable.

    Of course, there is the simple way to do this, provided the hardware is in a secure location. Have a tamper resistant smart card do all the authenticating.

    On the smart card is an AES key. What the card would do is have three functions:

    Take password, provide the "hashed password". It would take the incoming password, prepend it with a random 256 bit nonce, AES-256 the nonce+password, and output the result.

    Take a password, and its "hash", decrypt the hash with the internal key, compare the values, and return if the password matches or not.

    Finally, (and this is the option that is protected 10 ways from Sunday), the option to take a hash, output the password.

    If done on tamper resistant hardware, this would provide adequate protection because it would take physical uncapping of the chip in a fab environment to even have a chance at pulling out the master AES key.

    Of course, none of this actually will help French security. In fact, it just allows foreign spies a field day if they manage to compromise a site, because they get a nice treasure trove of passwords they can try against other sites.

    Instead, if they had to put their nose into authentication, the French should have mandated secure storage of passwords. TrueCrypt does it the right way. The password is never stored, but checked by decrypting four characters after a number of rounds of hashing. If the characters decrypt to "TRUE", the password is correct. Otherwise, no access.
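
Added example, not part of mlts's comment and not TrueCrypt's code: a Python sketch of the verification idea the comment closes with, where neither the password nor a hash of it is stored and a candidate password is accepted only if the key derived from it decrypts a header to the magic bytes "TRUE". The function names, PBKDF2-HMAC-SHA512 with the iteration count shown, the HMAC-SHA256 keystream standing in for a real block cipher, the CRC-32 check and the header layout are all assumptions of this sketch.

```python
import hashlib
import hmac
import os
import zlib

MAGIC = b"TRUE"        # known plaintext that proves the derived key is right
SALT_LEN = 64          # stored in the clear at the front of the header
KEY_LEN = 32
ITERATIONS = 200_000   # assumed work factor; tune to the hardware


def _derive_key(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation: the 'rounds of hashing' step."""
    return hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, ITERATIONS, dklen=KEY_LEN
    )


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.

    Safe here only because every header gets a fresh salt, so a keystream is
    never reused. A real design would use an authenticated cipher instead.
    """
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def create_header(password: str) -> bytes:
    """Build salt || Enc(MAGIC || CRC32(master_key) || master_key).

    Nothing derived from the password is written to the header except
    ciphertext that only the right password can turn back into MAGIC.
    """
    salt = os.urandom(SALT_LEN)
    master_key = os.urandom(KEY_LEN)
    body = MAGIC + zlib.crc32(master_key).to_bytes(4, "big") + master_key
    return salt + _keystream_xor(_derive_key(password, salt), body)


def unlock(password: str, header: bytes):
    """Return the master key if the password is correct, otherwise None."""
    salt, encrypted = header[:SALT_LEN], header[SALT_LEN:]
    body = _keystream_xor(_derive_key(password, salt), encrypted)
    magic, crc, master_key = body[:4], body[4:8], body[8:]
    # A wrong password yields random-looking bytes, so the magic will not match.
    if not hmac.compare_digest(magic, MAGIC):
        return None
    # The magic alone has a 1-in-2^32 false accept rate; the CRC narrows it
    # further and also catches a corrupted key area.
    if zlib.crc32(master_key).to_bytes(4, "big") != crc:
        return None
    return master_key


if __name__ == "__main__":
    header = create_header("correct horse battery staple")  # constructed sample
    print("right password:", unlock("correct horse battery staple", header) is not None)
    print("wrong password:", unlock("Tr0ub4dor&3", header) is not None)
```

An attacker who copies the header still has to pay the full key-derivation cost for every guess, and a compromise of the store yields no reusable passwords, which is the contrast the comment draws with reversible storage.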

  10. Depends on company on Ask Slashdot: Would You Take a Pay Cut To Telecommute? · · Score: 5, Insightful

    In some companies, telecommuters tend to be forgotten about. This means that Jack Brown-Nose who comes in and does almost nothing will always be seen by the boss and keep an impression, while the co-workers who are at home actually working are invisible. End result: Jack tends to have an edge when it comes to promotions, or even keeping the job.

  11. Re:Wasn't piracy always a part of Adobe's business on Inducement To Piracy, Adobe Style · · Score: 1

    This is due to two reasons:

    1: DRM isn't needed in businesses due to the BSA. Fear of running afoul of the BSA keeps the licenses current in almost any company, and companies who don't license their software are just one ex-employee with an "anonymous" report away from being shut down due to large fines.

    2: Adobe is the only game in town. Realistically here, the high end camera makers don't write plugins for the GIMP, so if one wants to make use of the RAW images from one's EOS-1 or other camera without losing data, they are either using Photoshop, or perhaps Lightroom. Ever see a pro photographer using the GIMP for their portfolios? Even though the GIMP is excellent, Photoshop is the anointed standard. This is similar when dealing in the CAD arena, one speaks AutoCAD [1], or they don't play.

    [1]: Perhaps SolidWorks and CATIA for CNC stuff as a small exception.

  12. Re:"Standardize hardware" might be the wrong term. on Android 3.0 Is Trickling In, But Are the Apps? · · Score: 1

    This sort of is becoming the case with Android. A lot of apps have dropped support for any Android version pre-2.0.

    I'm sure after 2.4 is dropped and out for a while, anything less than 2.2 is just not going to be supported. The good thing is that the app developers decide who runs the app or not. If the app doesn't really require features in newer operating systems, the devs can set the manifest back to 1.0. If it requires features present in newer operating systems (a good example are multi-gigabyte games which have the option to be installed to SD card), the developer can require whatever version they want.

    Of course, if there are any bugs, since the Android development cycle is so quick (no waiting for app/update approval), they can be fixed very quickly.

  13. Re:Appropriate quote on Samsung Keylogger Stories a False Alarm · · Score: 4, Informative

    I have found that AdBlock does far more to keep malware off a system than any antivirus program out there. Couple that with a decent firewall/NAT box/router, common sense about not running downloaded stuff, and a solid backup system, and that will pretty much make for malware-free computer usage. Using sandboxie doesn't hurt either.

  14. Re:Maybe it's right on Boston College Says Using WiFi Is a Sign of Infringement · · Score: 1

    Even factoring the IP infringement out of the equation, a wireless router gives an unscrupulous person leeway to do a lot of things, all of which would be blamed on the router's owner. Some routers might log MAC addresses, but these are trivial to forge, and if they are not, one can get a USB wireless dongle to do the dirty work, then throw it away.

    A couple examples:

    1: A launch point for hacking the resident network. Dorm networks tend to be pretty low in security, so someone would be able to get something unless the college's IT department is up to snuff.

    2: Spam. If a university admin is clued, outgoing port 25 is locked down tightly, and all mail either uses the proper port, or goes through the university's SMTP server.

    3: Internal phishing attacks. A thorough hit on the university's mail server by phishers likely would get some compromised accounts, which could be used for anything from fraud, to a better base for spamming, or if the user uses the same password university wide, access to decent boxes (and possibly root access if the admins don't keep up on exploits). Since the address would be coming in from the university, people would tend to trust it more.

    Obviously it was misworded, and with all the outrageous stuff going on about IP law, people would get peeved about the statement that a wireless router would contribute to it. However, getting students to lock down their wireless access is a good thing. Other colleges just admin their own wireless network segments and prohibit wireless routers altogether in the dorm rooms (due to bandwidth saturation), and use direction finding hardware to detect and deal with students breaking that rule.

  15. Re:Doing It Wrong on Amazon's Cloud Player: We Don't Need a License · · Score: 1

    It may backfire on them though. If Amazon does draw back a stump, it will give the RIAA better ammunition to go against Google and Apple's negotiations, demand more money, and have more stipulations (DRM) on anything stored on their service. Perhaps fees to charge the user per song streamed as well as forcing a proprietary music client where the music can only be streamed through it.

    Don't think the RIAA is a dying business model. They have managed to score some critical victories. For example, independent net radio is pretty much dead because of them and the license fee hikes.

  16. Re:Putting Amazon.com vs. the RIAA into perspectiv on Amazon's Cloud Player: We Don't Need a License · · Score: 1

    Amazon doesn't have judges that were ex-Amazon employees or consultants. The RIAA can easily get venue changes to steer cases into courtrooms that are sympathetic to their cause. Amazon may be big and have some decent lobby muscle, but the RIAA has been after copy-protection with legal cases for over a century.

  17. Re:As I and many others pointed out yesterday on Amazon's Cloud Player: We Don't Need a License · · Score: 1

    This.

    Yes, Amazon has far better legal power than mp3.com did, but the record labels have been at this stuff for years and have bought themselves sympathetic ears (and a goodly number of laws) worldwide.

    For a car analogy, it would be like a semi rig going against a train at a railroad crossing, as opposed to mp3.com's PT Cruiser. Either way, the fate will be the same in the end.

    Time will tell; I hope Amazon succeeds in this effort because Amazon is just doing active storage for one person, just like box.net. The only difference is that it is for music.

  18. Re:I don't know about this whole "quality" thing on Game Devs Weigh In On Windows Phone 7 · · Score: 1

    There is a devil's advocate side here:

    Having the kid be the "cool kid" means that he has a strong friend/contact network going into high school and college. This can mean the difference between him having a stable/secure career versus a hand-to-mouth existence from entry level job to entry level job.

    Sometimes, quantity of people known is important, because it may be possible to find someone, somewhere who might need an employee, and employers would far rather hire a known quantity.

    This doesn't mean one feels free to hand the 8 year old an XBox with every game out there, but it doesn't hurt to be able to have the kid score acquaintances by a cool factor either, as those acquaintances might be helping him find a career later on in life.

  19. Re:I don't know about this whole "quality" thing on Game Devs Weigh In On Windows Phone 7 · · Score: 1

    Spot on. The older games had to be not just tested, but tested to a solid degree of stability. A bug on the media was part of the game for life, so game makers had to be quite good at making sure things were cleaned up.

    The problem with modern consoles and updates is the fact that console games now suffer from the same problems as PC games -- game companies ship what would be an early beta when it comes to quality, write a patch to cover about 75% of the most glaring show-stopper bugs, and then move onto the next game. A game like NeverWinter Nights which saw a *ton* of not just bug fixes, but enhancements (where the game was almost perfect when the final patch was made) just wouldn't be made these days, unless it was a Blizzard title.

  20. Re:I wonder something else on WP7 Predicted To Beat iPhone By 2015 · · Score: 1

    They wouldn't have to exclude Android by name; they just license their new and improved secure ActiveSync protocol only to Apple and no others.

    The PHB types tend to go for iPhones and Blackberries. BES handles the backend for those devices, so MS excluding everyone else from the game but themselves and Apple.

    You are completely right about Android's lack of Exchange support (especially security profiles, encryption, and such.) Apple's devices encrypt all the data, while Android devices tend to lie to the Exchange server about capabilities. Of course, this would be easy to solve -- EncFS+FUSE is one way because this allows for file by file encryption. LUKS is another way, and completely encrypting the SD card would provide more than adequate protection.

    Of course, Android's Exchange support (or lack thereof) is somewhat easily worked around -- apps such as NitroDesk TouchDown fully support encryption, profiles, remote wipes, and the other items needed for enterprise security.

  21. Re:I wonder something else on WP7 Predicted To Beat iPhone By 2015 · · Score: 1

    Depending on how evil MS could be, they could make it where Exchange would have a bevy of new security features... but they would only work with WP7 and iOS phones. Doing this would effectively shoot Android's chances from ever getting a toehold in the enterprise. Most businesses rely on Exchange, and even Apple came crawling to Microsoft to make their devices compatible. All it would take is having a new server to mobile protocol, and that effectively would end any chance of any device MS doesn't allow in most businesses.

    Reverse engineering of the protocol? Patent laws to squash the commercial guys and DMCA laws to squash everyone else.

    Microsoft makes the rules with Exchange, and a significant majority of businesses out there toe the line. MS could take advantage of this and pretty much say it's WP7 or the highway when it comes to the enterprise.

  22. Re:Hey Sony! Pack up your bags and leave on Geohot Battles Back Against Sony · · Score: 1

    1: For most phones in the US, it is different than in other countries where one just swaps out a SIM (or R/UIM) card for another. For example, if Verizon killed service, the iPhone would end up a rather clunky PDA, because it is locked to their network, and Sprint is known (although may have changed as of recently) to refuse all service to devices unless sold by them. So, a loss of service will mean at least a new phone, perhaps a change in number.

    2: Show me a cracked Motorola Android phone. No, the original Droid does not count. Find a Milestone, a Flipout, an Atrix, a Cliq, with a cracked bootloader that offers custom ROMs without the ROM "chef" having to use the kexec() hack. Yes, someone might crack the device, but for most ROM modders, it just isn't worth the time. This will only get worse over time, especially as HTC gets raked over the coals to start making their devices more crack-resistant.

    3: This is one of those things that would be an arms race. ROM gets pushed out, it gets cracked so rooted/custom phones say it is a standard ROM when it isn't. However, the stakes of having a phone blacklisted from networks may result in people not bothering, especially if their Apple/Google/MS IDs get banned in the process. It is like Valve's Anti-Cheat -- just the threat of losing access to hundreds, if not thousands of dollars worth of stuff keeps people from doing this. So, yes, it can be bypassed, but with DMCA takedowns left and right, mass bans of devices and userIDs, it would be pushed to the fringes.

    4: Figuring out the key is easier said than done. Apple's new baseband ROM in the iPhone 4 and 3GS has the best guys in the industry poking at the thing, and it has yet to be cracked. Yes, it will get cracked, but the goal is to have the phone withstand attack until at least 1-2 generations of devices have hit the market. At this point, it will be pointless.

    5: You think the government would do anything in this political climate? Think again. Look at all the info Apple gets about iPhone users as they walk around. At the most, you might see a senator waving their finger.

    6: Then Apple after a certain period of time tells the carriers to not provide service to devices reporting beta operating systems.

    7: This is completely untested waters, and the court precedent would go to whoever has the deepest pockets. Even banned IMEI phones can still dial 911. However anything more than that isn't going to be allowed. It would be trivial for Apple to ship iPhones with one type of protection, then without announcing it, change it. If FPGA/eFuse based, the hardware would remain the same, and of course, access to the JTAG flashing would be encrypted or blown out before it ever left the Foxconn factory.

    8: EULAs. Software is technically not sold, but software makers are almost never held liable for its failure. Hardware makers might be sued if the hardware physically injures someone. However, having the hardware leased and turned off from remote if the EULA is violated is definitely a well supported court precedent. Someone would have to have the resources of Donald Trump to find a reason why a company cannot disable a device that is technically theirs.

    These arguments I state are realistic and can easily happen. You think a regulatory commission would step in? Not going to happen in this political climate. Take the FCC. They are being rendered toothless by the new Congress and lobbyists. Essentially the only thing they really can do in an enforcement basis is chase after teenagers and their pirate radio stations, or intercept shipments of cellphone jammers.

    Cellular carriers can drop anyone off their network at anytime and cite "security reasons". Luck++ in a court to find a sympathetic judge, especially when they use the argument of "this user was using a device potentially dangerous to the US's telecom infrastructure."

    So, for the tl;dr crowd, Apple take a lot meaner stance jailbreaking even though technically it is legal. All it woul

  23. Re:News? on MySpace Loses Ten Million Users In One Month · · Score: 1

    I'd disagree. There isn't a social networking site that is cool enough to compete with FB as of now.

    When FB came to common view, for a couple years, it and MySpace coexisted, where the "cool" kids were on MySpace and the others ended up on FB. Then by the force of peer pressure, pretty much people moved to FB in toto.

    MySpace still may exist -- it is a decent place for bands and having music ready to listen to. However, as a social network, its days are past. Maybe MySpace's best bet is to retool as a band site, similar to the heyday of mp3.com.

    I'd love to see something replace FB... perhaps a network with security from the ground up built in, and the option for having more elaborate security measures as an option (free or paid), such as a Vasco token, SMS authentication, or something along those lines.

  24. Re:If they own the copyright... on Ultima IV — EA Takedowns Precede Official Reboot · · Score: 1

    Different markets. There are far fewer people who played Ultima 1-4 than there are aging hippies who yearn for another Woodstock.

    The games are being sold to 14-30 in age range. Yes, some of the older gamers may remember some of the Origin games, but most of the people marketed to consider World of Warcraft a classic game, and Everquest a rickety old MMO for old people.

    So, EA and other companies with older IP will have their bean counters tell them to try to get the old stuff as forgotten as possible, so later on, they can do a "grittier reboot" of it.

  25. Re:duh on Censorware Vendors Can Stop Mid-East Dealings · · Score: 3, Insightful

    You just summed up 95% of everything that gets on yro.slashdot.org with that single sentence.